[Dshield] Spamhaus now listing exploited IPs in new blocklist

John Hardin johnh at aproposretail.com
Wed Jan 14 17:35:10 GMT 2004


On Wed, 2004-01-14 at 09:00, Kenton Smith wrote:
> On Wed, 2004-01-14 at 06:16, Stephane Grobety wrote:
> > [To the moderator: if it is off-topic, please do not hesitate to
> > drop this message, just drop me a notice you did so]
> > 
> > I just noticed that SpamHaus has released a new RBL containing a list
> > of IPs that are known to be "exploited" in some way: Open proxy,
> > mass-mailer virus, etc.
> > (http://www.spamhaus.org/news.lasso?article=151)
> > 
> <snip>
> This may be my ignorance of blacklists showing here, so please correct
> me if I'm wrong. Doesn't a black list just affect servers trying to send
> mail? If a home user's machine gets compromised and is being used to
> send spam, it gets blacklisted. Once the person fixes their machine,
> their IP is no longer going to be the source of the email, correct? When
> an average home user sends mail they aren't using their own personal
> SMTP server, they're using their ISP's mail server which (hopefully)
> isn't blacklisted.
> Is there a use for a blacklist that I'm missing here?

That depends. There's nothing preventing an admin from using a DNSBL for
blocking stuff at the boundary router (apart, perhaps, from the
performance hit that would entail... :) 

A blacklist is just a list of IP addresses that meet some given
criteria. The maintainer of the blacklist doesn't generally control how
it is used.

> Chances are that even after taking the proper steps to stop being a
> menace to the general network by cleaning up their system, patching it
> and installing an anti-virus product, they will NOT know how to get
> de-listed for 6 months.

To echo Kenton's comment: so what? If they aren't trying to send normal
email directly, then the blacklisting won't affect them.

The only problem I see is whether this list includes dynamic IPs. That
would greatly reduce its usefulness and greatly increase the possibility
of false positives.

--
John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 If you smash a computer to bits with a mallet, that appears to count
 as encryption in the state of Nevada.
                                               - CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------
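
An added example, not part of the original message: a sketch of the DNSBL lookup the thread discusses, showing why a receiving mail server that checks only the connecting peer rejects a listed home IP sending directly but accepts the same user's mail when it arrives via the ISP relay. The zone name `dnsbl.example`, the sample addresses and the in-memory resolver are constructed assumptions so the block runs offline.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"  # placeholder zone (assumption); the thread names none
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here


def dnsbl_qname(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone: a.b.c.d -> d.c.b.a.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(qname):
    """Live DNS lookup: an A record means listed, a failed lookup means not."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None


def is_listed(ip, resolve=system_resolver, zone=ZONE):
    """True only if the zone answers with an address inside 127.0.0.0/8."""
    answer = resolve(dnsbl_qname(ip, zone))
    # An answer outside 127/8 (e.g. a wildcarded or hijacked zone) is ignored.
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET


def smtp_decision(connecting_ip, resolve=system_resolver):
    """Receiver-side policy: judge the connecting peer, not the mail's author."""
    if is_listed(connecting_ip, resolve):
        return "550 rejected (listed)"
    return "250 accepted"


# Constructed sample data (documentation address ranges)
HOME_IP = "192.0.2.45"        # cleaned-up home machine, still listed
ISP_RELAY = "198.51.100.10"   # the ISP's outbound mail server, not listed
FAKE_ZONE = {dnsbl_qname(HOME_IP): "127.0.0.2"}
fake_resolver = FAKE_ZONE.get  # returns None for names not in the zone

if __name__ == "__main__":
    print("direct from home IP:", smtp_decision(HOME_IP, fake_resolver))
    print("via ISP relay:      ", smtp_decision(ISP_RELAY, fake_resolver))
```

The same `is_listed` check could feed a boundary-router block list instead of an SMTP decision; the list itself does not dictate which.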



